'Linux Firewall' 232 bytes per conntrack?


edge
20th February 2006, 10:46
Hmmm some strange thing going on here.

I've done 'The Perfect Setup - Fedora Core 4' and installed 'ISPconfig' with no real problems.

Now I would like to use the 'Linux Firewall', the one accessible with Webmin, and not the firewall from ISPconfig, as I need to use some 'custom' IPTABLES.

When I disable the ISPfirewall and enable the 'Linux firewall', I sometimes see the following message in the main terminal popup:

ip_tables: (C) 2000-2002 Netfilter core team
Netfilter message via NETLINK v0.30
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 232 bytes per conntrack

As soon as I get the message on the terminal, I can not access anything anymore with the network!

Anyone here who can help fix this?

falko
20th February 2006, 16:49
When I disable the ISPfirewall and enable the 'Linux firewall', I sometimes see the following message in the main terminal popup:

ip_tables: (C) 2000-2002 Netfilter core team
Netfilter message via NETLINK v0.30
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 232 bytes per conntrack
That's the normal behaviour when iptables is activated. Nothing unusual here.

As soon as I get the message on the terminal, I can not access anything anymore with the network!

Anyone here who can help fix this?
Check your firewall rules - there must be one or more rules that lock you out.

edge
21st February 2006, 21:47
That's the normal behaviour when iptables is activated. Nothing unusual here.
Check your firewall rules - there must be one or more rules that lock you out.

Thanks again for the info. I was not sure if this was normal or not.

The server is now in a datacenter, and the only way of accessing it at the moment is with SSH.

As I really do not want to lock myself out, I will wait till my next trip over to the datacenter and fix the firewall rules (I'm now using the ISPconfig firewall).

What I really want to do is close and open some (different) ports on the 8 IPs that I have.

Now when I scan my IPs they all show the same open/closed ports.
Too bad ISPconfig will not let you set open/closed ports per IP.

With IPtables I can do so with no problem.
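Added example, not code from the thread or from ISPconfig: a POSIX sh function that prints an iptables INPUT chain opening a different set of TCP ports on each public address, while keeping SSH reachable on every address so a remote admin is not locked out (the problem falko points at above). The addresses and port numbers are constructed placeholders from the RFC 5737 documentation range.

```shell
# Prints (does not apply) an iptables INPUT rule set with per-address port
# openings. Review the output, then pipe it to sh on the server.
# SSH_PORT and the example addresses/ports are assumptions for this example.
SSH_PORT=22

# per_ip_rules "IP:port[,port...]" ...  -> one iptables command per line
per_ip_rules() {
    echo "iptables -P INPUT ACCEPT"   # permissive policy while the chain is rebuilt
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Management access first, on every address, before any per-IP rule
    # and before the final DROP, so a typo in a later rule cannot lock us out.
    echo "iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT"
    for spec in "$@"; do
        ip=${spec%%:*}       # text before the first ':'
        ports=${spec#*:}     # comma-separated list after it
        old_ifs=$IFS; IFS=,  # split the list on commas (POSIX sh, no arrays)
        for port in $ports; do
            # Only this destination address gets this port opened
            echo "iptables -A INPUT -d $ip -p tcp --dport $port -j ACCEPT"
        done
        IFS=$old_ifs
    done
    # Everything not explicitly accepted above is dropped, on all addresses
    echo "iptables -A INPUT -j DROP"
}

# Constructed example: web on the first address, mail on the second
per_ip_rules "192.0.2.10:80,443" "192.0.2.11:25,110"
```

When applying the printed rules over SSH, start a timed rollback in the background first (for instance "sleep 300 && iptables -F INPUT" via nohup) and cancel it once the new session still works; the counter-like kernel message about buckets and bytes per conntrack is only the connection-tracking module loading and is unrelated to the rule set.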